The present disclosure relates to performing cipher text translation, and in particular to transforming cipher text from one encryption type or mode to another.
Encryption keys are created and may be given attributes which indicate how they will be used. Keys may be used for operations such as data encryption and decryption, message authentication, key wrapping, and other operations. Keys are categorized in different classes based on the intended use of the keys. Keys may be changed or destroyed when they are no longer needed, when they have been compromised, when they have expired, or when they no longer have a strong security status. When cipher text requires updating to be encrypted under a new encryption key or to change its format, the changes must be performed securely to maintain the security of the cipher text.
In one example of using keys in enciphering and deciphering operations, a cipher text translate (CTT) operation deciphers an arbitrary number of 64-bit cipher text blocks under an inbound triple data encryption standard (TDES) key with a provided inbound initial chaining vector, producing clear text (also referred to as “cleartext”). The output of the decryption operation is clear text, which is re-enciphered under a provided outbound TDES key with a provided outbound initial chaining vector. The output of the re-enciphering operation is re-enciphered text under the outbound TDES key. In this operation, both the inbound key and the outbound key are of the same enciphering type.
Another conventional methodology for decrypting cipher text and subsequently re-enciphering the cleartext involves performing two separate and distinct operations. In the first operation, the cipher text is decrypted to clear text, and in the second operation the cleartext is encrypted back into cipher text, without any state history linking or coupling the two operations together. One shortcoming of this methodology is that the re-encipherment may occur with a weaker key, resulting in less secure data, unbeknownst to a user, such as a user requesting the re-encipherment. No history of the decryption key used in the decrypt step is saved, so knowledge about the strength of the key used to decrypt the cipher text is lost by the time the re-encipherment occurs.
These methodologies may require multiple separate operations, may allow the security of the cipher text to be weakened with or without the user's knowledge, may only allow an encryption key to be changed to another key of the same type, and may not take into account padding of the cipher text, which may be required in some translation operations.
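As an added example (not code from the original disclosure), the following Go function performs the coupled translate operation described above: CBC-chained 64-bit blocks are deciphered under the inbound TDES key and chaining vector and re-enciphered under the outbound pair in a single step, so the inbound key's class is still known when the outbound key is checked and a weaker outbound key can be refused. The key-class ordering (single DES < two-key < three-key TDES), the function names and the rejection of partial blocks are assumptions of this example.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"fmt"
)

// tdesStrength classifies a 24-byte K1||K2||K3 TDES key: 1 when EDE collapses
// to single DES (K1==K2 or K2==K3), 2 for two-key TDES (K1==K3), 3 for three-key
// TDES. Using this as the "no weaker outbound key" ordering is an assumption.
func tdesStrength(k []byte) int {
	k1, k2, k3 := k[:8], k[8:16], k[16:24]
	switch {
	case bytes.Equal(k1, k2) || bytes.Equal(k2, k3):
		return 1
	case bytes.Equal(k1, k3):
		return 2
	}
	return 3
}

// TranslateCBC deciphers CBC-chained 64-bit blocks under the inbound key and
// chaining vector and re-enciphers them under the outbound pair in one coupled
// operation; the intermediate clear text never leaves this function.
func TranslateCBC(ct, inKey, inIV, outKey, outIV []byte) ([]byte, error) {
	if len(ct) == 0 || len(ct)%des.BlockSize != 0 ||
		len(inIV) != des.BlockSize || len(outIV) != des.BlockSize {
		return nil, fmt.Errorf("cipher text must be whole 64-bit blocks and both chaining vectors 8 bytes")
	}
	inBlock, err := des.NewTripleDESCipher(inKey) // rejects keys that are not 24 bytes
	if err != nil {
		return nil, err
	}
	outBlock, err := des.NewTripleDESCipher(outKey)
	if err != nil {
		return nil, err
	}
	if inS, outS := tdesStrength(inKey), tdesStrength(outKey); outS < inS {
		return nil, fmt.Errorf("outbound key class %d is weaker than inbound key class %d", outS, inS)
	}
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(inBlock, inIV).CryptBlocks(pt, ct)
	out := make([]byte, len(ct))
	cipher.NewCBCEncrypter(outBlock, outIV).CryptBlocks(out, pt)
	for i := range pt { pt[i] = 0 } // scrub the clear text before returning
	return out, nil
}
```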